Next time Gov. Chris Christie desires to create traffic problems around the George Washington Bridge, this individual have more sophisticated options than a conjured-up study and orange cones.
Alarming new research released this week details how cyber hackers can manipulate and infiltrate traffic-control systems that govern traffic lights and other road systems in more than 40 major cities across the us, including Ny, Los Washington and Angeles D.C.
Cyber attackers could change light colors, delay signal changes and alter digital speed limits, causing traffic jams, gridlock or – in a worst-case scenario – automobile accidents. Cesar Cerrudo, a cyber researcher at IOActive, said security measures in the traffic-control devices were practically nonexistent.
This is a really big problem in security that these devices are not secure, he told AOL Autos. Attacks on these products will impact more of our regular life, because we depend on these products and these products.””, In the end””
Cerrudo, who will present his detailed research at the Infiltrate Security Conference on May 15 and 16, said it was both simple and cheap to intervene inside the necessary data streams when conducting his experiments around the streets Washington D.C. and New York City. In one case, he even breached traffic-control systems from a drone flying 650 feet overhead.
Here’s how it works: Sensors embedded in many roads gather data about how many cars pass by inside a given time measure and period anomalies in traffic flow – whether there’s no traffic or traffic jams. That facts are then wirelessly passed with an access point, which then sends it to some traffic-control system that gathers data from multiple access points. Based upon that information, the control system can determine whether adjustments in light cycles must be made. Inside an everyday scenario, such systems may make adjustments on light-cycle timing as traffic increases or tapers throughout the day.
Cerrudo didn’t directly infiltrate the traffic lights. Rather, he infiltrated the access points that provide the system data. He notes which he passively watched the data flow during his experiments, and never actively tinkered with real-life traffic. Had he held nefarious intentions, he could have, and that is his point.
The data quickly scans the blogosphere over the air without any encryption, so you can basically, with some specific hardware, capture all the information sent over the air, he said. Concurrently, you could send information on the air and make the access points believe you are a sensor. If you’re an attacker sending fake data, it is possible to manipulate the machine. And they don’t have any security.
What’s worse: Cerrudo said there’s not a way for authorities to necessarily detect an attack. The 1st indication can be an unexplained traffic jam or reports of malfunctioning lights. If somebody was monitoring the data streams or making subtle adjustments, no one will know. It might be happening at the moment.
More than 50,000 of your systems have already been deployed across the world, most of them from the U.S., Cerrudo estimated. Sensys Networks, maker of the VDS240 wireless vehicle detection system, did not return a request comment. Earlier this week, Brian Fuller, the company’s v . p . of engineering, told WIRED magazine, which first reported the about the research, that Homeland Security was content with the system,’ and that he had nothing more to provide on the matter.
While the severity of the mischief that could be a result of hacking to the traffic-control method is debatable from the present day, Cerrudo’s research is something of a cyber canary within the coal mine.
Increasingly, traffic and cars systems both are run by computers and wirelessly attached to the online world. Consequently, they’re more vulnerable to cyber security breaches or attacks. The Department of Homeland Security monitors such threats, and last year, the National Highway Traffic Safety Administration opened a division that deals with electronic security.
A year ago, Chris Valasek and Charlie Miller, 2 of Cerrudo’s colleagues at IOActive, published a white paper in which they describe the direction they hacked in to a Ford Escape and Toyota Prius and manipulated the controls of the vehicles.
As the us moves more toward a transportation environment in which vehicles communicate with both other vehicles and infrastructure, like traffic lights, the potential ramifications for a hacker gaining access to the machine at various entry points grow more pronounced.
Cerrudo, in a blog post, writes that for the time being, traffic departments in states/cities with vulnerable devices should pay special attention to traffic anomalies if you find no apparent reason, and closely watch the device’s behavior.